• Then suddenly the web slowed massively for me. I kept browsing. After a few hours of slogging, I decided to check my Norton history.
• I had about 30 pages of "Unauthorized access blocked (Open File), with the actor being Mozilla Firefox (web browser). I didn't have these continuous log messages prior to the manual Live Update this morning.
• I ran Live Update again. Still getting the same message when I opened the web browser and then checked the Norton log.
• I then disabled the Norton Toolbar addon. That fixed the problem. No more issues, and the web is back to normal for me.
• Then suddenly the web slowed massively for me. I kept browsing. After a few hours of slogging, I decided to check my Norton history.
• I had about 30 pages of "Unauthorized access blocked (Open File), with the actor being Mozilla Firefox (web browser). I didn't have these continuous log messages prior to the manual Live Update this morning.
• I ran Live Update again. Still getting the same message when I opened the web browser and then checked the Norton log.
• I then disabled the Norton Toolbar addon. That fixed the problem. No more issues, and the web is back to normal for me.
I don’t think the Norton toolbar was causing the intrusion alerts the attack may have stopped as you disabled it would you like to try enabling it again to check?
If you want to keep your vault on your local machine rather than online in the cloud there is the ability on previous versions to keep this by doing an over the top installation but I’m not sure about the new version of Norton.
If you have an active subscription to Norton (2006 or newer), you can update to the latest version forfree. To do this, go to the link below and selectUpdate Me Now.
Then run live updates as many times as it takes to get, no more live updates, restarting as requested.
You might like to backup the personal data and you’ll need to backup or export in both formats your identity safe and any other users identity safe if it is used, before doing the above.
Check out the link below to see what some people are saying about v21.0.1.3.
I don’t think the Norton toolbar was causing the intrusion alerts the attack may have stopped as you disabled it would you like to try enabling it again to check?
These weren't intrusion alerts or attacks. "Unauthorized Access Blocked" are Norton Product Tamper Protection events, which are harmless.
intesec wrote: I don’t think the Norton toolbar was causing the intrusion alerts the attack may have stopped as you disabled it would you like to try enabling it again to check?
It wasn't an intrusion alert. It was a Medium level error that only appeared in my system log - no pop up warnings. One file on my computer was supposedly trying to access another. In the "Advanced Details" window for the history log item it says:
• Severity: Medium
• Unauthorized access blocked (Open File)
• Time and date
• Status: Blocked
• Recommended Action: No Action Required
• Actor: Firefox.exe
• Target: nppw.dat
There were 30 pages of this, over a few hours. Previously, before my manual Live Update run this morning, this messages were few - nothing like the spamming my log got after the Live Update session. Right after the live update session, my web connection slowed down dramatically. But it wasn't my connection that was the problem - I tested it on a popular connection speed test website and it was very fast. It was my browser that had been degraded, not the connection speed. Then, IMMEDIATELY after I disabled my Norton Toolbar, my browser went back to normal - became very fast again. And, I just checked, it's like an hour and a half after I disabled the toolbar, and there is not a single error of that type in my Norton history log since.
This was a several hour event, that started right after the Live Update session and ended immediately after I disabled the toolbar. And disabling the toolbar coincided with no more log file entries, of which 30 pages had been generated in a few hours. The evidence clearly indicates to me a problem with the toolbar, caused by the Live Update session.
Please see the thread from a few days ago. Evidently this is not just a Microsoft Windows problem We have two computers, one with Windows Vista and the other one with Windows XP. I think this has to be a Norton problem. Many of us thought some Windows Updates might have caused it. However, it looks like it is a Norton problem. Hopefully someone on this forum,who can notify Norton will get back to them as this has been going on since the evening of Sept.12 for me and Sept. 9 for my sister.Hope this helps.
I had about 30 pages of "Unauthorized access blocked (Open File), with the actor being Mozilla Firefox (web browser). I didn't have these continuous log messages prior to the manual Live Update this morning...I then disabled the Norton Toolbar addon. That fixed the problem. No more issues, and the web is back to normal for me.
Software details:• Norton Internet Security version 18.7.x.x• Mozilla Firefox 12.0
Hi kermit:
Welcome to the Norton Forum.
I had a similar problem. In my case, it appeared to be caused by an attempted defrag of files associated with my Firefox v. 23.0.1 browser's Norton Toolbar and/or Identity Safe extensions (see post # 64 in Calls' thread). Symantec released an update to their Behavior and Security Heuristics earlier this week (see post # 84 by elsewhere) that has resulted in an increase in the number of "unauthorized" access blocks by Norton Product Tamper Protection (see post # 42 for further details on the purpose of Tamper Protection).
I agree with SendOfJive. While this upswing in "unauthorized" access blocks in your history looks alarming, it doesn't mean that your computer is under attack and there's no need to be concerned.
You should also read Tony Weiss's latest post here about Firefox support for the Norton Toolbar. In part, it states "Please note: We now only officially support Firefox 21.0 and above. Firefox 20.x and older are no longer supported".
------------ MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40 HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
I don't seem to get the notifications during the time I'm using my computer.
Hi Holly:
I suspect it has something to do with the problem you're having with your Windows Disk Defragmenter (dfgrntfs.exe). When you stop using your computer, your system goes into idle and your idletime disk defrag starts up again. As soon as it tries to defrag Norton files (possibly files associated with your Norton Toolbar and/or Identity Safe), Norton Product Tamper Protection kicks in and floods your security history with "unauthorized" access blocks. When you start working on your computer again, your system comes out of idle mode and the defrag pauses, which in turn stops the logging of further access blocks.
Did you try Apostolos' suggestion here and run Window's System File Checker (sfc.exe /scannow) from an elevated prompt with Administrator rights? You can follow the instructions here, and if Vista finds any corrupted system files it might be able to automatically repair the files, including any associated with your Windows Disk Defragmenter.
------------ MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40 HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
I tried disabling the Norton toolbar, but it didn't work for me . Also I don't seem to get the notifications during the time I'm using my computer.
Holly
Holly:
In your Norton log, what's the actor, and what's the target? If you click on the log file entry, and click More Details, it will show this information.
Is your log being spammed by this item? Meaning are there hundreds of entries a few seconds apart?
Further to my previous posts, on my 32-bit Vista machine the actor was always C:\Windows\System32\dfrgntfs.exe (actor PID 2244). The Norton files reported as the target varied but almost every one was located in a subfolder of C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\. I googled {0C55C096-0F1D-4F28-AAA2-85EF591126E7} and it appears the Norton extensions for my Firefox browser (e.g., coFFPlgn.dll, IPSFFPl.dll, etc.) might have been the intended target of dfrgntfs.exe for many of these blocks (see my posts here in Calls' thread).
I believe that my disk defrag was triggered by the Windows Update that ran on 10-Sep-2013 (i.e., this month's Patch Tuesday, which occurs the second Tuesday of each month) - which is the day after Norton's LiveUpdate delivered the update for the Behavior and Security Heuristics . I closed my Firefox browser, left my system in extended idle mode for a few hours to let my defrag run to completion (see my instructions in post # 71) and this seems to have permanently stopped the flood of "unauthorized" access blocks on my system - at least for the time beiing.
EDIT:
LiveUpdate just delivered an update for my Norton Toolbar extension this morning for the upcoming release of Firefox 24 (see Mohan_G's announcement here) and this could potentially trigger more blocks on some systems. I checked my security history for Norton Product Tamper Protection and I'm just seeing the occasional block for Window's svchost.exe and services.exe but not the previous flood of multiple blocks per minute for dfgrntfs.exe.
------------ MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40 HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
I have Windows Vista , Norton version :19.9.14 (which I believe is Norton 2012).
The target is:C:/ProgramData/Norton/0C55C...
However I haven't seen any more of the notifications since I turned on my Computer today (Sept. 16) at around 6:00 AM ESDT. So somebody fixed the problem---I WONDER who?????
I fail to see why users are getting so upset about a change in the reporting features of Norton products.
As SendOfJive has pointed out, this is not an instrusion, but Norton Tamper Protection doing its job. Windows Defrag is trying to move a Symantec file, and Norton is reporting this now, where it did not in the past. These protections were allways happening in the background, it is just now being reported.
Is this a reason to move on to some other product? That is your call. It is not like this is harming your system. It is only taking up some of your valuable time in reading logs, which most users do not even know about.
At the moment for what ever reason Norton is not at times silently logging (reporting) the Anti-Tamper protection entries and is instead alerting users of actions they do not need to worry about.
• Then suddenly the web slowed massively for me. I kept browsing. After a few hours of slogging, I decided to check my Norton history.
• I had about 30 pages of "Unauthorized access blocked (Open File), with the actor being Mozilla Firefox (web browser). I didn't have these continuous log messages prior to the manual Live Update this morning.
• I ran Live Update again. Still getting the same message when I opened the web browser and then checked the Norton log.
• I then disabled the Norton Toolbar addon. That fixed the problem. No more issues, and the web is back to normal for me.
I don’t think the Norton toolbar was causing the intrusion alerts the attack may have stopped as you disabled it would you like to try enabling it again to check?
If you want to keep your vault on your local machine rather than online in the cloud there is the ability on previous versions to keep this by doing an over the top installation but I’m not sure about the new version of Norton.
If you have an active subscription to Norton (2006 or newer), you can update to the latest version forfree. To do this, go to the link below and selectUpdate Me Now.
Then run live updates as many times as it takes to get, no more live updates, restarting as requested.
You might like to backup the personal data and you’ll need to backup or export in both formats your identity safe and any other users identity safe if it is used, before doing the above.
Check out the link below to see what some people are saying about v21.0.1.3.
I don’t think the Norton toolbar was causing the intrusion alerts the attack may have stopped as you disabled it would you like to try enabling it again to check?
These weren't intrusion alerts or attacks. "Unauthorized Access Blocked" are Norton Product Tamper Protection events, which are harmless.